Commit Graph

36 Commits

Author SHA1 Message Date
0f4cf1078a fix(ui,runtime,search): stabilize markdown/table rendering, runtime notices, and title/search config
This commit bundles a coordinated fix set across frontend and backend runtime flows:\n\n1) Markdown table overflow UX\n- Wrap rendered markdown tables in a dedicated horizontal-scroll container.\n- Preserve wrapper attributes through sanitize so styles always apply.\n- Keep page-level horizontal scroll disabled while allowing in-container table scroll.\n- Improve table container visual consistency (border/radius/shadow/scrollbar behavior).\n\n2) Code block horizontal jitter\n- Adjust code/pre scrollbar gutter and box model handling to remove left-right jump.\n\n3) Execution mode auto-fallback sync + toast behavior\n- Add expiry-driven frontend sync timer for direct->sandbox fallback state refresh.\n- Ensure permission/execution UI state updates at expiry time.\n- Keep fallback warning toast persistent but avoid false-positive toasts when simply switching to sandbox conversations.\n- Trigger fallback toast only when a real direct-expiry transition is detected.\n\n4) Runtime guidance/notify display consistency\n- Unify live polling rendering behavior with history replay behavior.\n- Restore real-time display of guidance/notify/sub-agent/background-command messages.\n- Keep runtime_mode_notice hidden only in idle state as requested.\n\n5) Backend runtime notice emission policy\n- Suppress runtime mode notice insertion when no task is running (idle path).\n- Preserve notice injection when task is actively running.\n\n6) Tool-call ordering safety for injected completion notices\n- Delay inline sub-agent/background-command completion message insertion until all parallel tool calls in the same assistant turn are finished.\n- Prevent invalid assistant/tool_call ordering that causes provider 400 errors for missing tool_call_id responses.\n\n7) Left panel scrolling behavior\n- Enable vertical scrolling for project files / todo / sub-agent / background-command panels.\n- Hide panel scrollbars while preserving scroll capability.\n\n8) Tavily multi-key selection support\n- Introduce config/search.py with selectable env variable name for Tavily key resolution.\n- Keep existing AGENT_TAVILY_API_KEY naming compatible.\n- Export search config through config package.\n\n9) Dedicated conversation-title model config\n- Add AGENT_TITLE_API_BASE_URL / AGENT_TITLE_API_KEY / AGENT_TITLE_MODEL_ID.\n- Route title generation calls to these dedicated credentials/model with fallback defaults.\n\n10) Supporting updates\n- Update .env.example to document new Tavily and title-generation env vars.\n- Include current custom model profile tweak (kimi-k2.6).\n\nValidated with:\n- npm run build\n- python3 -m py_compile (affected backend/config modules)\n- python3 -m unittest test.test_server_refactor_smoke
2026-05-13 15:13:52 +08:00
e2bbd767f7 feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX
This commit consolidates a large set of host-mode security and UX fixes across backend and frontend.

Security / execution model:
- Make permission/execution mode switches apply immediately (no deferred pending-only behavior).
- Keep runtime mode change notices durable and visible via user-message guidance path.
- Add explicit runtime message source taxonomy support and persistence:
  user / presend / guidance / notify / sub_agent / background_command.
- Ensure guidance/notify insertion is batched per tool-cycle so mid-run inserts are committed together.
- Separate notify from guidance semantics for mode-change notices.
- Add direct-mode auto-fallback handling visibility on frontend.

Approval and command gating:
- Align run_command approval pre-check logic with docker behavior for approval/auto_approval modes in host execution paths.
- Keep approval retry flow and final-result semantics intact when permission errors trigger approval.
- Externalize forbidden command keyword list into JSON config:
  config/forbidden_commands.json.
- Update forbidden command rejection message to user-facing wording:
  用户不允许执行包含“... ”的指令.

Prompt/runtime guidance:
- Refine execution-mode runtime rule text to avoid endless workaround loops:
  one safe alternative first, then request switching to direct mode when truly required.

Chat rendering / message UX:
- Prevent injected guidance/notify user-messages from incorrectly triggering assistant work header/timer chain.
- Restore correct visibility after history reload while preserving runtime-source behavior.
- Update user-header icon/label rendering by message source:
  - guidance -> 引导 + navigation icon
  - notify/sub_agent/background_command -> 通知 + bell icon
  - user/presend -> keep normal user header.
- Add new icons: static/icons/navigation.svg, static/icons/bell.svg.

Approval panel UX:
- Convert desktop approval panel from layout-compress sidebar to overlay + blur sheet.
- Fix panel transition behavior (remove unintended vertical motion; use dedicated desktop overlay transition).
- Improve approval result display:
  - decision and reason split lines,
  - green/red status styling,
  - multiline reason rendering,
  - auto-collapse delay adjusted to 3s.

Execution mode TTL feedback:
- When direct mode auto-expires to sandbox, frontend menu state is updated from status snapshot.
- Show non-auto-dismiss warning toast to explicitly notify auto-fallback.

Misc consistency updates:
- Execution mode label text cleanup in composer.
- Runtime notice wording normalization (权限模式修改为..., 执行环境修改为...).

Build/test notes:
- Frontend rebuilt after UI changes.
- Smoke tests passed for server refactor path.
2026-05-12 19:16:38 +08:00
8d665ad6de feat(permission): add auto-approval mode with approval agent, UI flow, and docs sync
Implemented a new permission mode  between  and , including backend policy, runtime behavior, frontend display, and documentation updates.

Backend & policy changes:

- Added  to permission mode validation and persistence paths.

- Updated tool permission evaluation: workspace-local  direct pass, out-of-workspace requires approval.

- Kept  readonly-first flow and added auto-approval decision path when permission denial occurs.

- Added approval reason/decider support in tool approval manager.

- Improved rejection tool-content format to natural language: '工具调用被拒绝\n原因:...'

- Fixed permission-mode sync edge cases on conversation create/load and restart-first-switch behavior.

Approval agent subsystem:

- Added  and .

- Added lightweight auto-approval config at  (name/url/key/model/extra_params + timeouts).

- Added optional transcript debug switch in code and transcript output under logs/approval_agent.

- Aligned transcript saving toward cumulative messages format and captured reasoning/content/tool_calls/tool sequence.

Frontend changes:

- Added  option to personalization and permission menus.

- Reworked approval panel auto-review display into a dedicated block with simplified lines: start, command, final approve/reject + reason.

- Added delayed sidebar auto-close (10s) after approval resolved.

- Added stricter permission-switch verification and rollback on mismatch/error.

Docs updated:

- Synced AGENTS.md, README.md, and docs/host_sandbox_and_permission_model.md with new permission mode, approval-agent behavior, config, and current constraints (including docker caveat).
2026-05-11 17:55:27 +08:00
a93f17010c feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI
This commit lands a broad host-security architecture update focused on enforceable sandbox execution, clearer permission semantics, and operator usability.

Core execution/security changes
- Introduce and wire a unified host sandbox runner for multi-OS execution:
  - macOS: sandbox-exec
  - Linux: bubblewrap + seccomp
  - Windows: WSL2 path
- Remove silent fallback behavior in failure paths; sandbox-unavailable cases now fail closed instead of dropping to unsafe host execution.
- Ensure host execution mode (sandbox/direct) is propagated consistently into runtime components, including sub-agent startup.

Permission mode model upgrade
- Rework readonly/approval behavior for run_command from brittle command-text gating to execution-layer enforcement:
  - readonly: run_command executes in read-only sandbox profile.
  - approval: run_command first executes read-only; when permission-denied is detected, request approval and retry once with writable sandbox for that single call.
- Tool loop now returns final post-approval execution result, not intermediate permission-denied payloads.
- Update permission-mode system messaging to describe user-visible behavior without exposing internal implementation details.

Path authorization system
- Add dynamic host policy module and persisted policy file.
- Support dual path classes:
  - writable_paths (read+write)
  - readable_extra_paths (read-only)
- Enforce file access in file_manager by access type (read vs write) under host mode.
- Add host-only frontend 路径授权 management dialog (settings三级菜单入口), including mode switch between 可读可写 and 仅可读 with separate drafts and save flow.

Sub-agent and terminal alignment
- Sub-agent process launch now respects host execution mode and sandbox controls in host mode.
- Keep terminal session model compatible with sandbox-first behavior and execution-mode propagation.

Tool surface updates
- Remove legacy file-management tools from active tool definitions (create_file/create_folder/rename_file/delete_file) while preserving historical conversation compatibility.

Docs updates
- Add dedicated architecture doc: docs/host_sandbox_and_permission_model.md
- Refresh README and AGENTS sections to reflect updated permission/execution model and path-authorization semantics.

Validation performed
- python unittest smoke suite passes: test.test_server_refactor_smoke
- frontend build passes: npm run build
- syntax checks for touched Python modules completed
2026-05-11 13:41:30 +08:00
6ee8cda2a7 feat(security): harden host execution model with sandbox/direct controls
This commit introduces a substantial security and runtime architecture update for host mode, with three major goals: (1) enforce OS-level sandboxing by default, (2) support a controlled temporary direct-execution escape hatch for admin users, and (3) eliminate silent fallback behavior that could hide risk.

Backend/runtime changes:\n- Added a unified host sandbox runner (macOS sandbox-exec / Linux bubblewrap+seccomp / Windows WSL2).\n- Converted host terminal creation to sandboxed interactive shells by default.\n- Kept run_command/run_python on the same execution policy and added host execution mode plumbing (sandbox|direct).\n- Added session-scoped direct mode with TTL auto-revert (default 10 minutes), configurable via environment.\n- Added execution mode APIs (GET/POST /api/execution-mode), host+admin gating, status propagation, and rate limiting.\n- Added runtime refresh hooks so tool calls honor TTL expiration and mode transitions consistently.\n- Removed docker->host silent fallback paths: docker startup/runtime failures now fail fast instead of degrading silently.\n- Added host sandbox prompt injection (host-only) to guide agent behavior under permission constraints.

Configuration and policy changes:\n- Added HOST_EXECUTION_MODE_DEFAULT and HOST_EXECUTION_DIRECT_TTL_SECONDS.\n- Added HOST_SANDBOX_MACOS_WRITABLE_PATHS to support user-defined writable path allowlists.\n- Updated macOS sandbox profile generation to use minimal defaults (workspace + tmp + /dev/null) plus explicit allowlist extensions.\n- Updated .env.example documentation for new execution/sandbox controls.

Frontend changes:\n- Extended permission popover to a two-column model (Permission + Execution Environment) for host admin sessions.\n- Added execution mode state/options to app state, fetching, and status synchronization flows.\n- Added execution mode switching action and user feedback toasts.\n- Kept warning emphasis via text styling only (removed warning border per UX request).

Validation:\n- Python syntax checks passed for modified backend modules.\n- Existing smoke tests passed: python3 -m unittest test.test_server_refactor_smoke\n- Frontend production build passed: npm run build
2026-05-10 19:19:01 +08:00
8395cf8b4b fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
b151f8ff71 feat: add host workspace manager, mcp-tool-config skill, and UI enhancements 2026-04-28 13:04:51 +08:00
591a5e64cc fix: 修复聊天区滚动锁定与手动上滚脱锁 2026-04-27 00:13:38 +08:00
383e68188c fix: stabilize show_html rendering and restore conversation mode state 2026-04-26 01:04:23 +08:00
33d270ff63 fix: stabilize show_html streaming rendering and recovery 2026-04-25 23:17:07 +08:00
1c928d7518 chore: backup snapshot before show_html scroll rework 2026-04-25 20:39:52 +08:00
070d77c070 fix: adapt deepseek custom models and harden todo/tool gating 2026-04-24 18:31:03 +08:00
3219df388b feat: 优化任务轮询和聊天区域渲染机制 2026-04-13 16:23:01 +08:00
49bd994cfa fix: stabilize task completion and chat auto-scroll behavior 2026-04-12 19:45:01 +08:00
aad958d2d9 fix(mobile): 用量统计点击不展开问题
- 添加 fromSettingsMenu 参数穿透
- 修复设置菜单中用量统计点击不展开弹窗的问题
- 移动端限制不再阻止设置菜单的用量统计功能
2026-04-12 13:41:26 +08:00
dcc6e3588e fix(ui): disable token panel expand on mobile tap
- 移动端禁用点击展开顶部用量面板
- 仅允许在已展开时点击收起
2026-04-12 01:13:26 +08:00
e3bf67d25d fix(mobile): 待审批时自动弹出并审批后收回面板 2026-04-11 18:59:14 +08:00
6379f8c729 feat: complete conversation versioning UX and restore workflow 2026-04-11 16:16:40 +08:00
34a6577f3a feat: ship permission/approval UI with mobile support and context usage ring 2026-04-11 04:07:55 +08:00
8be1c37b6a refactor(frontend): 整理应用逻辑层与状态管理 2026-04-10 14:34:01 +08:00
90233690ad feat: add json-based extensible model registry and dynamic model UI 2026-04-09 20:56:54 +08:00
a04eca3aab fix: unify background run_command notifications with sub-agent flow 2026-04-08 16:13:40 +08:00
d798d39da3 fix: persist onboarding prompt status and bump android app to 1.0.20 2026-04-07 20:08:33 +08:00
1a3235be09 fix: add connection heartbeat and polish mobile tap feedback 2026-04-07 00:04:44 +08:00
81d4c17ae7 feat: update app refresh entry and release metadata 2026-04-06 19:51:56 +08:00
7e03e3cd5f feat: stabilize context compression and deep-compact flow 2026-04-06 15:12:25 +08:00
a5412dae34 fix: adjust sub-agent notice spacing in minimal mode 2026-04-05 16:58:22 +08:00
3328d968d5 fix: align /new restore and first-send routing flow 2026-04-05 01:22:30 +08:00
c26cd3d3fd fix: 修复极简模式多个问题并恢复偏好设置自动应用
- 修复极简模式下步骤竖线距离SVG不均匀的问题
  - 使用flex布局让竖线自动填充空间
  - 添加负margin让竖线延伸到下一个步骤
  - 确保竖线上下距离SVG图标相等

- 修复SVG图标颜色问题
  - 统一使用灰色(--claude-text-tertiary)
  - 不再受颜色模式影响

- 修复思考内容自动滚动问题
  - 添加registerThinkingRef和handleThinkingScroll支持
  - 移除导致滚动异常的伪元素负margin
  - 实现与堆叠模式一致的自动滚动行为

- 修复轮询改造后偏好设置不自动应用的问题
  - 在loadInitialData中应用默认模型和运行模式
  - 在createNewConversation前应用偏好设置
  - 在loadConversation前应用偏好设置
  - 确保新建或切换对话时使用用户设置的默认值

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-04 16:18:15 +08:00
7912d3fd64 fix: 修复页面初始化时对话列表不加载的bug
问题描述:
- 页面刷新后对话列表显示"暂无对话记录"
- 必须创建新对话才会触发列表加载
- 用户体验很差

根本原因:
- loadInitialData() 方法中缺少 loadConversationsList() 调用
- 对话列表只在创建新对话时才会刷新(createNewConversation 第383行)
- 导致页面初始化时 conversations 数组为空

修复方案:
- 在 loadInitialData() 末尾添加对话列表加载
- 重置 conversationsOffset 为 0 确保从头加载
- 在其他初始化任务完成后执行,避免阻塞

测试:
1. 刷新页面,对话列表应立即显示
2. 创建新对话,列表应正常更新
3. 切换对话,列表应保持正常

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-04 01:08:13 +08:00
860fa7b539 feat(web): remove socket dependency from main chat flow 2026-04-03 11:34:42 +08:00
f3179e2a97 feat: 优化滚动锁定和个性化称呼功能
滚动锁定优化:
- 滚动锁定默认始终启用,不再根据输出状态自动解锁
- 深色模式下锁定图标显示为白色,与箭头图标保持一致

个性化称呼功能:
- AI 助手名称根据个性化设置中的"自称"动态显示
- 用户名称根据个性化设置中的"称呼"动态显示
- 页面初始化时自动加载个性化设置,无需打开个人空间
- 在"模型行为"中新增"使用自定义称呼"开关
- 开关关闭时显示默认的"AI Assistant"和"用户"
- 修复保存后开关状态被重置的问题

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-13 12:10:08 +08:00
ed82fc966e fix: improve sub-agent ui and state 2026-03-11 15:40:28 +08:00
a4d3160b0a fix: 修复页面加载时出现两次动画的问题
问题原因:
- Socket 事件(conversation_changed, status_update 等)在初始化期间与 bootstrapRoute 并发执行
- loadConversationsList 在初始化期间自动加载第一个对话
- 导致 currentConversationId 被多次设置,触发多次历史加载和动画

解决方案:
- 在 Socket 事件处理中添加 initialRouteResolved 检查
- 初始化完成前,Socket 事件不修改 currentConversationId
- loadConversationsList 在初始化完成前不自动加载对话
- 确保所有数据(历史、文件树、思考模式等)在同一时间加载完成

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-09 16:59:56 +08:00
43409c523e fix: 移除错误的对话切换跳转逻辑并修复工具执行返回值问题
主要修复:
1. 移除前端"取消跳转到正在运行的对话"的错误逻辑
   - 删除 switchConversation 中的任务检查和确认提示
   - 删除 createNewConversation 中的跳转回运行对话逻辑
   - 删除 loadConversation 中对未定义变量 hasActiveTask 的引用

2. 修复后端工具执行返回值问题
   - 修复 execute_tool_calls 在用户停止时返回 None 的 bug
   - 确保所有返回路径都返回包含 stopped 和 last_tool_call_time 的字典

3. 其他改进
   - 添加代码复制功能 (handleCopyCodeClick)
   - 移除 FocusPanel 相关代码
   - 更新个性化配置 (enhanced_tool_display)
   - 样式和主题优化

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-08 17:42:07 +08:00
66b846ee37 refactor: split frontend app modules 2026-03-08 00:03:14 +08:00